Slashdot Mirror


Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk)

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will be referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"

CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.
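The "user whose name begins with a number" item in the nomination is an instance of a fail-open pattern: a configuration value that fails validation is dropped, and the privileged default identity takes over. The following is an added illustration (not systemd's code, and not from the article or the Pwnie nomination): a small `User=` directive parser, a portable user-name check, and the fail-open resolver beside its fail-closed replacement. The unit fragment, the user-name rule and the function names are all constructed for this example.

```python
import re
from typing import Optional

# Constructed unit-file fragment (not from the page): a service whose
# User= value begins with a digit, the shape of name the nomination says
# was rejected and then run as root.
UNIT_TEXT = """[Service]
ExecStart=/usr/bin/example-daemon
User=0day
"""

# Portable account-name rule (assumed for this example): a letter or
# underscore first, then letters, digits, underscores or hyphens, with an
# optional trailing "$" for machine accounts.
USER_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_-]{0,30}\$?$")

def valid_user_name(name: str) -> bool:
    """True if name is an acceptable account name under the rule above."""
    return bool(USER_NAME_RE.fullmatch(name))

def parse_user_directive(unit_text: str) -> Optional[str]:
    """Return the value of the first User= line in [Service], or None."""
    in_service = False
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_service = (line == "[Service]")
            continue
        if in_service and line.startswith("User="):
            return line[len("User="):].strip()
    return None

def resolve_fail_open(unit_text: str) -> str:
    """Fail-open model of the pattern the nomination complains about:
    an invalid User= is merely warned about, so the default identity wins."""
    requested = parse_user_directive(unit_text)
    if requested is None or not valid_user_name(requested):
        # Warning only (omitted here); execution proceeds as the default user.
        return "root"
    return requested

def resolve_fail_closed(unit_text: str) -> str:
    """Fail-closed alternative: an invalid User= is a hard error, so a typo
    or a crafted name can never silently escalate to the default identity."""
    requested = parse_user_directive(unit_text)
    if requested is None:
        return "root"  # no directive at all: the documented default identity
    if not valid_user_name(requested):
        raise ValueError(f"refusing to start: invalid User= {requested!r}")
    return requested
```

Auditing unit files with `valid_user_name` over every `User=` and `Group=` value is a cheap way to surface names a manager might reject and fall back from.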

9 of 436 comments

  1. Misleading title by markdavis · Score: 4, Informative

    >"Systemd Named 'Lamest Vendor' At Pwnie Security Awards"

    I have no great love of Systemd, but that headline is misleading. The award was the "lamest vendor RESPONSE." But, you know, it is all the rage to have intentionally misleading headlines to grab even more attention than deserved.

  2. I seem to remember Miguel de Icaza ... by HBI · Score: 4, Informative

    Back in the days when Mono was considered a submarine way to give Microsoft control over Linux, there was such universal hate then.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.

  3. Re:Why not OpenBSD? by Anonymous Coward · Score: 5, Informative

    Different goals of the platforms.
    FreeBSD wants to be a well-rounded general usage OS
    OpenBSD wants to be the pinnacle of security and is willing to throw everything out to achieve that goal
    NetBSD wants to be ultra-portable
    Dragonfly wants to be a high performance highly scalable and even distributed OS

  4. Re:Why not OpenBSD? by Curupira · Score: 4, Informative

    OpenBSD is undoubtedly safer, but FreeBSD is generally considered to be updated more often and better to use as a desktop/laptop OS. In fact, there are TWO desktop-centric operating systems based on FreeBSD: TrueOS (formerly PC-BSD) and DesktopBSD. So, if your intent is to use it in a desktop/workstation, FreeBSD is probably a better fit.

  5. Re:With all this hate... by sconeu · Score: 4, Informative

    What about Devuan?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.

  6. Re: How does Debian justify using this?! by Tenebrousedge · Score: 4, Informative

    Rating: pants on fire.

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.

  7. Re:With all this hate... by aardvarkjoe · Score: 4, Informative

    Most of those who oppose systemd are pining for the Good Old Days of loading the boot target using bat-handle toggle switches on the front of their IMSAI.

    We're mostly pining for the Good Old Days when you could trust your init system to do what it was supposed to do.

    --
    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?

  8. Re:Fuck linux and systemd by fnj · Score: 5, Informative

    What the fuck are you babbling about, schmuck? FreeBSD has an excellent binary package system with automatic dependency resolution: pkg. The user doesn't need to compile source from ports except if he wants something to be built with unusual options (same as linux, incidentally). All you need is "pkg install foo" and it will fetch the package foo and all its dependencies from the repo and install it.

  9. Re:Xinuos OpenServer 10 by unixisc · Score: 4, Informative

    Actually no! Tarantella was acquired by Sun shortly after it spun off SCO, and it didn't have the OSs - it had some utilities like IIRC OpenVision and some NFS-like software.

    Xinuos was the successor company to SCO, Inc, after it filed Chapter 7. They inherited whatever legacy assets SCO had, as well as any customers, but started w/ a FreeBSD fork for enterprises. No idea whether their management has anything in common w/ that of SCO, Inc.